Infosec bits for 2024 week 20

Maajied Moos | May 17, 2024, 2:35 p.m.

Cybersecurity News:

Cybersecurity in a Race to Unmask a New Wave of AI-Borne Deepfakes [https://www.darkreading.com/threat-intelligence/cybersecurity-in-a-race-to-unmask-a-new-wave-of-ai-borne-deepfakes, Dark Reading]

Why Tokens Are Like Gold for Opportunistic Threat Actors [John A. Smith, Dark Reading]

Log4Shell shows no sign of fading, spotted in 30% of CVE exploits [Help Net Security, Help Net Security]

Vulnerabilities & Patches:

Google fixes fifth Chrome zero-day exploited in attacks this year [Bill Toulas, Bleeping Computer]

CISA Adds One Known Exploited Vulnerability to Catalog [CISA, CISA]

Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS [Ryan Naraine, Security Week]

Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws [Lawrence Abrams, Bleeping Computer]

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation [Newsroom, The Hacker News]

Adobe Patches Critical Flaws in Reader, Acrobat [Ryan Naraine, Security Week]

Flaw in Wi-Fi Standard Can Enable SSID Confusion Attacks [Jai Vijayan, Dark Reading]

Securing Git: Addressing 5 new vulnerabilities [Johannes SchindelinJohannes Schindelin, Git Hub]

Malware

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide [Pierluigi Paganini, Security Affairs]

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT [Newsroom, The Hacker News]

Malicious Go Binary Delivered via Steganography in PyPI [Phylum Research Team, Phylum]

‘Got that boomer!’: How cybercriminals steal one-time passcodes for SIM swap attacks and raiding bank accounts [Zack Whittaker, Tech Crunch]